Maxim

Fashion retailer optimizes E-Commerce site availability and security

Overview

With its headquarters located in Kobe, the capital city of Hyogo Prefecture, maxim operates Kobe Lettuce, a fashion shopping website targeted to women. The website’s diverse range of goods, which include famous brands and popular items featured in magazines, has garnered many customers as it continues to grow. “To provide our customers with an enjoyable shopping and fashion experience, we work to proactively expand our trend-leading product range, and improve the user-friendliness of our service,” said maxim’s Yuji Tanaka.

"With Deep Security and AWS WAF, we successfully resolved the challenges related to the availability and safety of the e-commerce site. Now, we can provide the kind of available environment customers are looking for."

Yuji Tanaka,
Manager, Service Development Section maxim, co. Ltd

Challenges

maxim built its e-commerce site on Amazon Web Services (AWS) and uses a cloud-type web application firewall (WAF) to strengthen the security of the site. However, the company faced challenges with ensuring the availability of its e-commerce site to its growing list of customers.
“Until recently, we only had a single WAF, which meant that there was a risk that services would stop if trouble occurred, even if there were no problems with the site itself,” said Taishi Morinaga of Classmethod, maxim’s IT partner.

maxim’s e-commerce site was periodically inaccessible to customers due to a recurring problem with the WAF. Fortunately for maxim, the WAF would be restored in short order and losses would be minor, but they were unable to predict when the problem would occur next. “If the website was unavailable while we were advertising a limited-time sale, we could lose our customer’s trust,” said Tanaka. To resolve the website’s availability issues, maxim needed a redundant WAF solution.

"Deep Security is a powerful solution to strengthen server security. It’s also useful for easily configuring settings and operations of AWS WAF."

Why Trend Micro

As a global leader in cloud security in Japan, Trend Micro was well-known to the maxim team for its ability to protect a variety of IT environments—including AWS. To create a redundant WAF that would ensure availability, maxim decided to combine the WAF from AWS with Trend Micro™ Deep Security™ based on the requirement that the current operating processes would change as little as possible. “Although AWS WAF would have been fine on its own if we were only adding another WAF, the combination with Deep Security made it even safer. We decided to adopt the combination, which also enabled greater efficiency,” said Morinaga.

As maxim learned, Deep Security™ not only contributed to a strengthened WAF and its efficient implementation, but also provided a comprehensive range of enhanced server security functions. These capabilities included malware countermeasures, intrusion detection and prevention systems, system change monitoring, and security log monitoring.

Solution

Trend Micro engineers developed open source API tools that efficiently link Trend Micro™ Deep Security™ with AWS WAF. The tools allow verification of vulnerabilities that exist on servers operating with Deep Security™, as well as the creation and application of rules. For example, Deep Security™ searches the servers that it is protecting and recommends the application or removal of certain security rules. In addition to the application or removal of rules, Deep Security™ also allows rules that protect against vulnerabilities to be created and applied.

“With Deep Security, we don’t spend time and labor creating security rules. Instead, we are able to configure the WAF with the optimum rules, based on the accumulated expertise of Trend Micro,” says Morinaga. “Because the linking tool is open source, we are able to communicate with engineers directly and request improvements. For system integrators like Classmethod, it is an extremely helpful mechanism.”

In addition to the AWS WAF linking tool, Trend Micro engineers also provide tools which link Deep Security™ with Amazon Simple Notification Service (SNS), a push-type message dispatch service, and Amazon Inspector, which automatically evaluates the vulnerabilities of applications.

Results

Maxim successfully enhanced the availability of its e-commerce site through the use of Trend Micro™ Deep Security™ and AWS WAF. “If there is any trouble with the WAF, there is an automatic switchover to the standby AWS WAF and services can continue. As a result, our anxieties around security and site availability have disappeared,” said Tanaka.

The combination with Deep Security™ has also optimized the operational management of AWS WAF. “With Deep Security, we were able to easily configure settings to optimize availability. To perform the same operation manually would have increased the workload more than ten-fold,” said Morinaga.

In addition to protecting maxim’s servers, Deep Security™ also enhanced the e-commerce site’s overall security. “Because e-commerce sites don’t handle files, there is a line of thinking that believes a WAF on its own is sufficient. However, there is a risk of immense server-side damage occurring if someone broke through the WAF,” said Tanaka. “Now that our servers are protected with Deep Security, and we have established multiple defenses to protect us, the enhanced data protection and availability give us a great sense of relief.”

What's Next

Deploying Trend Micro™ Deep Security™ to efficiently improve the availability and security of maxim’s e-commerce site was just the beginning of ongoing security improvements for maxim. “For an e-commerce business, ensuring that the backbone of the business, the website, is always available is important. However, because we also handle personal information and financial data, security is extremely important. We will work with Trend Micro to make continuous efforts to strengthen security in the future,” said Tanaka.